
United States Patent and Trademark Office 



UNITED STATES DEPARTMENT OF COMMERCE
Address: COMMISSIONER FOR PATENTS
P.O. Box 1450
Alexandria, Virginia 22313-1450
www.uspto.gov



APPLICATION NO.: 09/578,215
FILING DATE: 05/23/2000
FIRST NAMED INVENTOR: Edward B. Boden
ATTORNEY DOCKET NO.: END9 1999 0129 US1
CONFIRMATION NO.: 4856

7590 03/26/2004
IBM Corporation
Dept. 917
3605 Highway 52 North
Rochester, MN 55901-7829

EXAMINER: SON, LINH L D
ART UNIT: 2135
PAPER NUMBER:

DATE MAILED: 03/26/2004



Please find below and/or attached an Office communication concerning this application or proceeding. 



PTO-90C (Rev. 10/03) 





Office Action Summary

Application No.: 09/578,215
Applicant(s): BODEN ET AL
Examiner: Linh LD Son
Art Unit: 2135





- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication.

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely.

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication.

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133).
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any
earned patent term adjustment. See 37 CFR 1.704(b).

Status 

1) [X] Responsive to communication(s) filed on 23 May 2000.
2a) [ ] This action is FINAL. 2b) [X] This action is non-final.

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) [X] Claim(s) 1-22 is/are pending in the application.

4a) Of the above claim(s) ____ is/are withdrawn from consideration.

5) [ ] Claim(s) ____ is/are allowed.

6) [X] Claim(s) 1-22 is/are rejected.

7) [ ] Claim(s) ____ is/are objected to.

8) [ ] Claim(s) ____ are subject to restriction and/or election requirement.

Application Papers 

9) [ ] The specification is objected to by the Examiner.

10) [ ] The drawing(s) filed on ____ is/are: a) [ ] accepted or b) [ ] objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).

11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119 

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).

1. [ ] Certified copies of the priority documents have been received.

2. [ ] Certified copies of the priority documents have been received in Application No. ____.

3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).

* See the attached detailed Office action for a list of the certified copies not received.

DETAILED ACTION



Claim Rejections - 35 USC § 101 



1. 35 U.S.C. 101 reads as follows:

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and
requirements of this title.

2. Claims 8, 9, 10, 11, 12, 16, 17, and 21 are rejected under 35 U.S.C. 101 because the
claimed invention is directed to non-statutory subject matter. The language of the
claim raises a question as to whether the claim is directed merely to an abstract idea
that is not tied to a technological art, environment or machine which would result in a
practical application producing a concrete, useful, and tangible result to form the basis
of statutory subject matter under 35 U.S.C. 101.

3. In claims 8, 9, 10, 11, 12, and 21, the claimed steps of configuring do not require a program
or software to carry out the task. It is an abstract idea.

4. Claims 16 and 17 claim systems for operating and configuration that are not
tangibly embodied. The claimed language of claim 16 does not include software
operating on a medium or hardware. Claim 17 does not disclose hardware.

Claim Rejections - 35 USC § 103

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

6. Claims 1, 12, 13, 16, 18, 19 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Borella et al (US-6353614) in view of Jain et al (US-6047325). 

7. As per claims 1, 12, 13, 16, 18, 19, 20 and 22, Borella et al disclose the "Method and
System for Distributed Network Address Translation" invention, which includes
obtaining a specific private IP from the Network Address Translation (NAT) IP address
pool to connect to the public Internet from an intranet (Col 6 lines 27-38). However,
Borella et al do not teach the implementation of Virtual Private Network (VPN) with IP
Security (IP Sec) with NAT. Nevertheless, Jain et al disclose the "Network Device for
Supporting Construction of Virtual Local Area Networks on Arbitrary Local and Wide
Area Computer Networks" invention, which includes:

The method of obtaining an IP address from the address pool (DHCP) (Col 5 line 25);
the DHCP service will allocate the specific IP address for the VPN connection; start
the VPN connection; loading to an operating system kernel the security associations
and connection filters for said VPN connection is obvious in the invention (Col 4 lines
46-67); obviously the filter and the operating system kernel will process the IP
datagram for the connection; since the destination IP is NAT, the datagram of NAT
and VPN is obviously encapsulated at the VPN/NAT server. It is obvious at the time of
the invention for one of ordinary skill in the art to incorporate IPSec with NAT (Jain et
al Col 5 line 59 to Col 6 line 9), and (Borella et al Col 16 lines 7-24 and Fig 13 176 and
178) to protect against both internal and external security breaches. In Claims 12 and
13, it is obvious at the time the invention was made for one of ordinary skill in the art
to recognize that the number of connections is limited to the IP address pool.

8. Claims 2-7 are rejected under 35 U.S.C. 103(a) as being unpatentable over Borella et 
al (US-6353614) in view of Jain et al (US-6047325), and further in view of Arrow
(US-6226751).

9. As per claims 2 and 3, Borella et al and Jain et al disclose the method of claim 1,
wherein Borella et al and Jain et al do not teach directly that the VPN connection is
configured for some combination of outbound processing, and said applying step
selectively comprises outbound source IP NATing or outbound destination IP NATing.
However, Arrow does teach the feature (Col 7 lines 55-67 to Col 8 lines 1-20). It is
obvious at the time the invention was made for one of ordinary skill in the art to
combine all three inventions to fully describe the IPSec NAT method. It is also obvious
that the same process can be applied to the inbound source IP NATing or inbound
destination IP NATing.

10. As per claims 4 and 5, Borella et al and Jain et al disclose the method of claim 1.
However, both of the inventions do not mention the use of manually-keyed or
dynamically-keyed IP Sec connections. Nevertheless, Arrow does mention the key
management lookup tables for the authentication identities and the keys (Col 7 lines
25-45). It is obvious at the time the invention was made for one of ordinary skill in
the art that the key assignment is considered either dynamic or manual.

11. As per claim 6, Borella et al and Jain et al disclose the method of claim 1.
However, both inventions do not teach integrating NAT with IP Sec Security
Associations, negotiated dynamically by IKE, wherein said starting step further
comprises creating a message for IKE containing said IP address from said NAT pool
and further comprising the step of operating IKE to obtain dynamically negotiated
keys. Nevertheless, Arrow discloses the method of assigning keys using the key
management protocol in claim 5. It is obvious at the time the invention was made
for one of ordinary skill in the art that the feature is fully implied (Arrow Col 7 lines 25-
45 and Col 10 lines 1-45) in combination with the NAT pool in the Borella et al invention. The
lookup table contains and identifies the authentication and the key management
protocol information.

12. As per claim 7, Borella et al, Jain et al and Arrow disclose the method of claim 6. It is 
obvious at the time of the invention for one of ordinary skill in the art that the loading 
step of loading the result as security associations into said operating system kernel to 
combine the dynamically obtained keys with the NAT pool IP address is a part of the 
system. The obtained key is used to encrypt the packet with source and destination, 
which contains the NAT IP address (Arrow Col 10 lines 1-43).

13. Claim 11 is rejected under 35 U.S.C. 103(a) as being unpatentable over Arrow
(US-6226751).

14. As per claim 11, Arrow discloses a method of providing customer tracking of VPN NAT
activities (Col 10 lines 17-20) as they occur in an operating system kernel (Col 9 lines
35-40 and Col 10 lines 32-43). However, Arrow does not directly disclose the steps of:
responsive to VPN connection configuration, generating journal records; updating said
journal records with new records for each datagram processed through a VPN
connection; and enabling a customer to manage said journal records. Nevertheless,
Col 10 lines 17-20 teach the use of the Simple Network Management Protocol to get
the traffic statistics. It is obvious at the time the invention was made for one of
ordinary skill in the art to recognize that the same protocol includes the claimed feature
completely.

Claim Rejections - 35 USC § 102 

15. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form 
the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

16. Claims 14 and 15 are rejected under 35 U.S.C. 102(e) as being anticipated by Borella
et al (US-6353614).

17. As per claim 14, Borella et al teaches the method of performing network address
translation on selected ICMP datagrams, comprising the steps of: detecting selected 
types of ICMP type packets (Fig 3 and Col 5 lines 1-13); since ICMP datagram is 
nothing different than an IP datagram, it could also be used to perform network 
address translation functions on the entire datagram (Col 5 lines 1-13). 

18. As per claim 15, Borella et al disclose a method of performing network address 
translation on selected FTP datagrams, comprising the steps of: detecting the 
occurrence of FTP PORT or PASV FTP commands; and responsive to said command, 
performing network address translation on the FTP data and the header (Col 2 lines 
22-28). 

Conclusion 

19. Any inquiry concerning this communication from the examiner should be directed to 
Linh Son whose telephone number is (703)-305-8914 or Fax to 703-746-9821. 

20. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor Kim Y. Vu can be reached at (703)-305-4393. The fax numbers for this 
group are (703)-872-9306 (official fax). Any inquiry of general nature or relating to the 
status of this application or proceeding should be directed to the group receptionist 
whose telephone number is (703)-305-9600. 



Linh LD Son 




